Help with an "FBI" virus that has locked up Safari

sleeperblues · May 20, 2014, 11:54:10 PM

While surfing just now on Safari my screen clicked to an official looking FBI website and locked up. Here is the disturbing message:

Typed in all Red

Attention! Your browser has been blocked up for safety reasons listed below. All the actions on this PC are fixed. All your files are encrypted. CONDUCTED AUDIO AND VIDEO

Then this is typed in black beneath that

You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc.) You have violated world declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United States of America criminal law. Article 161 of United States of American criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.

Then there is a section where I can use some kind of moneypal to send them payment of 300.00 to unlock my computer.

It is all very official looking except for the somewhat stunted English, and luckily for me I also have Firefox on my browser. This is my computer alone and I have never watched any porn on it but I suppose if I had I might be nervous? Not sure what to do now. Is my computer still safe to use.

I was referred to you all for help by Ravencajun, hope you can guide me through this. Thanks!

Corrine · May 21, 2014, 12:15:17 AM

Hi, sleeperblues. Welcome to LandzDown Forum. Ravencajun indeed said you were on the way. You'll see her at LzD as R-C. There are a number of other GW friends at this forum as well.

Because I'm dealing with some real-life issues right now, I've contacted other members of the team to help you. You'll be in great hands!

zep516 · May 21, 2014, 01:11:00 AM

Hello,

Is that true you're able to use Firefox with no issues resulting at all and the computer acts normally and the only time you see the ransom page is in the Safari browser?

Joe

R-C · May 21, 2014, 01:25:23 AM

That was my question too Joe. I am hopeful that means it did not get into the system? Hopefully a few scans can tell us what is going on.

R-C · May 21, 2014, 01:26:09 AM

Sleeperblues glad you made it here!

winchester73 · May 21, 2014, 01:35:54 AM

What operating system are you using?

Anyone have the link to the GW thread handy?

zep516 · May 21, 2014, 01:54:31 AM

I don't see a post on GW, It's a mac computer. The issue I believe is limited to the Safari browser, where just a ransom page shows up.

sleeperblues · May 21, 2014, 02:07:13 AM

Hi Everyone, Thanks for the warm welcome. Yes, it's true I can use Firefox but not Safari so I was hoping the whole computer is not infected. It is a mac computer and I am not really tech savvy so please refresh my memory. How do I find the operating system I am using?

sleeperblues · May 21, 2014, 02:10:46 AM

Googled it, and it's OS 10.6.8

Corrine · May 21, 2014, 02:12:43 AM

@Winchester73, here's the GW thread: http://ths.gardenweb.com/forums/load/kitchentable/msg051751441548.html?4

For future reference, sleeperblues, you can get detailed information here: OS X: Finding your OS version and build information

winchester73 · May 21, 2014, 02:13:47 AM

http://ths.gardenweb.com/forums/load/kitchentable/msg051751441548.html?4

You actually caught a break, with Mac OS X the virus can be removed by restoring browser settings or quitting the browser. On Windows computers, the virus must be removed using more complicated tools.

That's why I wanted to confirm your OS. Safari is typically an Apple thing, but some Windows users have it installed as a browser.

winchester73 · May 21, 2014, 02:18:06 AM

I'm not a Mac guy, but here's what I would do, reset Safari to its default settings ...

1. Click on "Safari" in the menu bar at the top of your infected Safari session, and then choose Reset Safari. A small window containing all of Safari's reset options will display.

2. In the new window "are you sure you want to reset Safari", make sure all items are ticked and click on the Reset button.

The FBI MoneyPak virus should then be removed from Safari, and no longer affect your computer.

winchester73 · May 21, 2014, 02:24:35 AM

Quote from: Corrine on May 21, 2014, 02:12:43 AM
@Winchester73, here's the GW thread: http://ths.gardenweb.com/forums/load/kitchentable/msg051751441548.html?4

For future reference, sleeperblues, you can get detailed information here: OS X: Finding your OS version and build information

Something about great minds and thinking alike pops into my head :D

If no joy with resetting the default, you might try this next ...

1. Press Command + Option + Escape simultaneously. This will open the Force Quit Applications window.

2. Select Safari (and any other browser in which you are seeing the FBI ransomware notification).

3. Click the button that says Force Quit. This will forcefully end your browser program, thus removing the pest.

Should you be unable to switch from an unresponsive app, press Command + Option + Shift + Esc for three seconds to force it to quit. This key combination tells OS X to force quit the frontmost app.

sleeperblues · May 21, 2014, 02:38:11 AM

I tried to quit safari, and now I cannot get it to open up and the virus message is not on the screen anymore. The Safari icon is still on the bottom of my computer but when I click on it nothing happens. I'm hoping this means the computer is safe to use?

sleeperblues · May 21, 2014, 02:56:04 AM

OK, got it fixed. Thanks for all your help. Safari is up and running now, but I'm not going to use it. Another question. What would be a good anti-virus software for Mac? apparently, according to my husband, we don't have it because macs don't need it. Obviously, not so. Thanks in advance for your help!